Re: [psa-crypto] What are the rules for driver calls to the PSA crypto interface? - psa-crypto

10 May 2021


      Hi Beat,
This is still an open point in the design.
It's clear that some back-and-forth is needed. An accelerator needing a
source of randomness is a good example. In some cases, it's possible to
have the core call a deterministic function in the driver, for example
accelerated RSA-PSS can often be broken down into the RSA exponentiation
(accelerated) and PSS padding (unaccelerated except maybe for the hash
calculations, done by the core). This kind of scenario calls for
additional entry points in the driver, which has the advantage of not
requiring any control inversion. These additional entry points are
evoked under “substitution points” in the specification draft.
However, other cases cannot be done this way, for example if a driver
needs a random generator to perform blinding. Other examples include an
opaque driver using a local cipher to encrypt communication with a
secure element over an insecure bus, or a driver loading an auxiliary
firmware image and verifying its signature. These cases are varied
enough that I think it must be possible for drivers to call any API
function. But as you note this may cause reentrancy problems, so there
should be some limitations.
It's not clear to me at this stage what the limitations should be. For
example, what rules would facilitate static bounds on stack usage? Can
the rules be enforced cheaply at runtime, and are violations likely to
be detected by unit tests? Can the rules realistically be validated by
static analysis?
The exact manner in which drivers might call core functions is also
open. Are there additional auxiliary functions that the core should
expose (for example, might a driver prefer to have the core expose
rsa_pss_pad())? The functions that the driver sees are not necessarily
the same that the functions that applications see (at the very least,
they're different on platforms where applications run in their own
memory space and PSA API calls are remote procedure calls, whereas
drivers live in the crypto service's memory space). So they can't be
guaranteed to have the same symbol name. Types like psa_key_id_t and
psa_key_attributes_t may be different in applications and in drivers as
well.
I expect it's going to take a while to converge on all of these open
questions. As the use cases are diverse, feedback is very welcome.
-- 
Gilles Peskine
PSA Crypto architect and Mbed TLS developer

On 07/05/2021 10:55, Beat Heeb via psa-crypto wrote:
> Hi,
>
> It is unclear whether drivers are allowed to call functions of the outer PSA crypto interface.
> If this is allowed, strict rules are needed to avoid hard to find recursive invocation and reentrancy problems.
> Such problems are not necessarily detected at development time because they may be caused by a combination of several drivers developed by different vendors.
> The easiest and most secure way would be to prohibit such calls completely.
> However, at least in one case they are unavoidable:
> Several driver functions need a source of randomness to fill some random values (cipher_encrypt, RSA_PSS, non-deterministic ECDSA, ..).
> Getting randomness is non-trivial and involves special hardware in most cases which is usually not accessible to any driver (in particular accelerators).
> So drivers must be allowed to call at least psa_generate_random().
> The only alternative would be to split up all affected functions to separate randomness generation from cryptographic calculations.
> Regards
> Beat
>